Multi-task network anomaly detection using federated learning

Publication Type:
Conference Proceeding
ACM International Conference Proceeding Series, 2019, pp. 273 - 279
Issue Date:
File: Multi-Task Network Anomaly Detection using Federated Learning.pdf (Published version, 1.4 MB, Adobe PDF)
© 2019 Association for Computing Machinery. Because of the complexity of network traffic, there are various significant challenges in the field of network anomaly detection. One of the major challenges is the lack of labeled training data. In this paper, we use federated learning, where multiple participants collaboratively train a global model, to tackle the data scarcity problem and to preserve data privacy. Unlike in a centralized training architecture, participants in federated learning do not need to share their training data with the server, which can prevent the training data from being exploited by attackers. Moreover, most previous works focus on one specific anomaly detection task, which restricts the application areas and cannot provide more valuable information to network administrators. Therefore, we propose a multi-task deep neural network in federated learning (MT-DNN-FL) to perform the network anomaly detection task, the VPN (Tor) traffic recognition task, and the traffic classification task simultaneously. Compared with multiple single-task models, the multi-task method can reduce training time overhead. Experiments conducted on the well-known CICIDS2017, ISCXVPN2016, and ISCXTor2016 datasets show that the detection and classification performance achieved by the proposed method is better than that of the baseline methods in a centralized training architecture.
Please use this identifier to cite or link to this item: